cant create dirs from vsftpd
Paul Howarth
paul at city-fan.org
Mon Aug 8 14:43:56 UTC 2005
Peter Magnusson wrote:
> selinux-policy-targeted-1.25.3-9 in FC4 surely isnt perfect. Cant create
> dirs when I login over ftp:
>
> type=CWD msg=audit(1123375603.524:11258814): cwd="/home/iocc"
> type=PATH msg=audit(1123375603.524:11258814): item=0 name="mp3" flags=10
> inode=5046274 dev=03:01 mode=040755 ouid=636 ogid=636 rdev=00:00
> type=AVC msg=audit(1123375603.539:11258878): avc: denied { getattr }
> for pid=10556 comm="vsftpd" name="/" dev=0:10 ino=49161
> scontext=root:system_r:ftpd_t tcontext=system_u:object_r:nfs_t tclass=dir
> type=SYSCALL msg=audit(1123375603.539:11258878): arch=40000003
> syscall=196 success=no exit=-13 a0=9527930 a1=9523328 a2=3a3ff4
> a3=797eec items=1 pid=10556 auid=636 uid=636 gid=636 euid=636 suid=636
> fsuid=636 egid=636 sgid=636 fsgid=636 comm="vsftpd" exe="/usr/sbin/vsftpd"
>
> Cant find what I should turn off in /etc/selinux/targeted/booleans to
> make it work. So I need a little help. Later, I want to upload files in
> that dir also.
>
> Also, Im not so sure that I like that I cant see alot of dirs when Im
> logged in at the ftp.
Did you read "man ftpd_selinux"?
I'd suggest:
# setsebool -P ftp_home_dir 1
If your ftp server is running as a daemon rather than from inetd you'll
also need:
# setsebool -P ftpd_is_daemon 1
As you appear to have an NFS-mounted home directory, I'd also suggest
(from "man nfs_selinux"):
# setsebool -P use_nfs_home_dirs 1
Paul.
More information about the fedora-selinux-list
mailing list